Australians are among the most cyber-aware users in the world, but that doesn’t mean the nation couldn’t benefit from a radical rethink of the way it attracts and trains its cybersecurity workforce.
The shortfall in cybersecurity skills is dramatic. And policy-makers and corporate leaders need to think creatively about how they meet the security demands of the digital economy.
Speaking at the InnovationAus.com Cyber Security Leaders’ roundtable hosted by PwC in Melbourne recently, PwC’s Asia Pacific Cyber Lead Steve Ingram said cyber skills were not just about computer science, programming or mathematics.
He said cyber security’s thorny dilemma required a rounded set of skills – and that cyber security specialists could be drawn from many different disciplines, from psychology to law and everything in between.
But strong leadership from the cyber sector was crucial to finding these people, and then re-skilling them, Mr Ingram said.
“I’ve found over the years that we can teach technology skills to anyone, but we’ve got to find the people with the right aptitude first,” he said. “And that really requires leadership in our organisations to help drive that focus on aptitude in recruitment not just tech.”
“There are good people out there, but we need to drive awareness and engagement to make sure they understand the opportunities that available in cyber [for their career].”
The emphasis on information sharing and collaboration between cyber stakeholders was critically important to developing the Australian cyber security sector.
“We’re all in this together, and we can only make the nation stronger if we work together,” Mr Ingram said.
“The bad guys share information and we need to do the same. Sharing information about threats and responses will lift the tide for everyone, and we can truly make Australia a better place to do business.”
If the Australian cyber sector collectively put an emphasis on education and training for its cyber work, the pool of cyber talent would quickly grow.
ASX-listed cybersecurity specialist Covata chief executive Ted Pretty has called for a radical overhaul of the skilled visa program to make it easier to bring top cyber talent into the country.
It comes as the government this year scrapped the 457 visa program for skilled migration in favour of a new visa subset with fewer listed skills and options for a permanent pathway to Australia.
Mr Pretty said that this situation is putting Australia far behind the rest of the world in the global war for cyber talent.
He says that far from tightening restrictions on the kind of technical talent needed in cyber security, Australian policy-makers should be doing “something radical”, like increasing the numbers by ten-fold in IT and cyber.
“The 457 visa situation will slow us down in developing and accessing the right cyber skills,” Mr Pretty said.
“We need to put these technical skills requirements at the top of priorities, and to do something radical to increase the talent and knowledge being brought to Australia.”
Mr Pretty pointed to the actual stats to show that those on 457 visas aren’t taking Australian jobs in cyber, and that Australia needs to attract thousands more professionals from around the world.
“People say that 457 visas are taking the place of Australian jobs, but when you look at it that’s not the case.
“There are about 450,000 457 visas granted in a four year period. Of that about 177,000 are active and 90,000 are for the primary holder. Of that only a few thousand are in IT. And there are just 75 in cyber,” he said.
He believes that the cyber sector is critically important, and that it is an industry where Australia can excel – as the Australian Government Cyber Strategy suggests – then more radical thinking around 457s is important.
“If we are serious in any field of endeavour where we think we have a natural advantage. then why don’t we put in place more aggressive policies? We could increase [cyber skilled visa numbers] ten-fold or twenty-fold,” Mr Pretty said.
“Why not be bold about it? If we miss this bus, it’ll be someone else taking our advantage.”
The Australian cyber security sector is in competition with governments from around the world to attract the best talent, Mr Pretty said, and effort needed to be made to make it as attractive as possible.
“Other governments are trying to attract our businesses over there. We’ve got to outsmart them because they’re targeting the exact same thing that we are,” he said.
“Unless we lift game and are able to attract talent here to support our domestic requirements – and our requirements to build products here and export them to overseas markets – we will be too late for this opportunity.”
Australian companies also need to think outside the box to address the cyber skills gap, and consider outsourcing work to other local small tech businesses, AustCyber CEO Craig Davies said at the conference.
“Maybe what you need to do is ensure you have good senior management and a board that understands the opportunities, and then find those partners in Australia that can help you deliver on that,” he said.
“You may not have enough work to keep a security person fully engaged. Everybody wants to build the same thing.
“We need some fresh thinking around firms engaging with this aspect of the business. This is one area where we should try a bit more.”
As Ingram says “we can’t all keep building the same castles – we will surely run out of raw materials before we know it”
PwC is a valued supporter of InnovationAus.com, and was a strategic partner of the ‘Cyber Security: The Leadership Imperative’ forum held in Melbourne in October.